We no longer hardcode connection strings (like "db main") into the source code. We use environment variables to keep credentials secret.
You cannot migrate a hash to a better hash without the original plaintext. Therefore, the better approach is to invalidate all passwords and force a reset on next login. db main mdb asp nuke passwords r better